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(57) ABSTRACT 

Creators of computer software provide the most up-to-date 
versions of their computer software on an update service. A 
user who has purchased or downloaded free computer 
software calls an update service or a network service pro- 
vider (e.g., an Internet provider) on a periodic basis. The 
update or network service automatically inventories the user 
computer to determine what computer software (e.g., a 
network browser) may be out-of-date, and/or need mainte- 
nance updates. If so desired by the user, the update service 
computer automatically downloads with a secure software 
transfer process and installs computer software to the user 
computer. By making periodic calls to an update or network 
service, the user always has the most up-to-date computer 
software immediately available. The update or network 
service may also alert the user to new products (i.e. includ- 
ing new help files, etc.), and new and enhanced versions of 
existing products which can be purchased electronically by 
a user and transferred immediately from the update or 
network service. When an upgrade is available, a tag in a 
hypertext document indicates an upgrade should be auto- 
matically downloaded from a location provided in the tag 
when the hypertext document is browsed by a computer 
having a browser. 

23 Claims, 8 Drawing Sheets 
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METHOD FOR IDENTIFYING AND 
OBTAINING COMPUTER SOFTWARE FROM 
A NETWORK COMPUTER USING A TAG 

CROSS-REFERENCE TO RELATED 
APPLICATION 

This is a divisional of U.S. patent application Scr. No. 
08/634,390, entitled, "METHOD AND SYSTEM FOR 
IDENTIFYING AND OBTAINING COMPUTER SOFT- 
WARE FROM A NETWORK COMPUTER," filed Apr. 18, 
1996, now U.S. Pat. No. 6,049,671. 

FIELD OF INVENTION 

The present invention relates to a system for automati- 
cally identifying software that may be appropriate for instal- 
lation on a computer and for making that software available 
to that computer. In particular, the invention relates to a tag 
in a hypertext document indicating software to be automati- 
cally downloaded to the computer. 

BACKGROUND AND SUMMARY OF THE 
INVENTION 

The continual and rapid development of computers, com- 
puter software and related technology has revealed many 
problems with the typical update and distribution channels 
for computer software. For example, computer software, the 
coded instructions that control a computer's operation, is 
constantly and incrementally being upgraded and improved. 
The computer hardware and operating system environment 
on which the computer software is used is continually being 
changed, which requires additional changes in the computer 
software (e.g. new device drivers, new operating system 
calls, etc.). 

A computer software developer will typically release an 
initial version of a software product. Thereafter, as new and 
improved computers and peripherals are developed, the 
software product will commonly be upgraded to take full 
advantage of the increased capabilities of the hardware. In 
addition, a software developer, to remain competitive, will 
often upgrade the software product to provide new features 
and functionality. 

With the ever increasing pace of advancement in com- 
puter related technologies, software developers compete to 
be the first to offer a new feature or upgrade. As a result, 
sometimes software products are made available to the 
public with unknown errors or defects. Similarly, software 
products that work as intended on a particular computer with 
a particular configuration, may fail when installed on a 
different computer having a different configuration (e.g. 
different hardware, peripherals, operating systems, etc.). 
Software developers frequently provide fixes for their soft- 
ware products to correct defects that were undetected or 
unanticipated at the time the software product was released. 
Fixes are also provided to allow the software product to 
function correctly on a new computer or with a different 
operating system environment. 

However, it is often difficult for software developers to 
make upgrades and fixes available to users. This difficulty 
not only deprives the user of access to the most reliable and 
up-to-date software products, it can result in lost sales to the 
software developer and can damage the goodwill and the 
development of a long term relationship with a customer by 
releasing a flawed or deficient software product. 

Commonly, mass distribution of commercial software 
products is accomplished by copying the software product 
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onto storage media (e.g. CD-ROMs, floppy disks, magnetic 
tapes, etc.). To take advantage of economies of scale, 
typically a large number of copies of the software product 
are made during the manufacture of a particular software 
5 product. Then, the storage media containing the software 
product is provided to distributors and retailers for sale to 
users. 

However, given the rapid pace of software development, 
this manner of distribution is frequently insufficient. For 

10 example, it is not uncommon that defects are detected and 
fixes created shortly after a software product is introduced to 
the public. However, the software products that remain in 
the distribution chain contain the defect without the fix. This 
situation is frustrating for users who subsequently purchase 
the software product that is already obsolete (i.e. because of 

15 the defects). 

Software can also be distributed over electronic bulletin 
board systems, the Internet, etc. In such systems, a user 
connects to the bulletin board or the Internet and then selects 
and downloads desired software. Such systems allow for 

20 rapid updating of software by simply supplying a new 
updated version of the software to the bulletin board. 
However, such systems also require a degree of user sophis- 
tication and technical expertise in the selection, download- 
ing and installation of the new software. Moreover, such 

25 systems do not provide a user that has already obtained a 
software product with a simple, automatic way of learning 
of or obtaining upgrades or fixes for that product. The 
software provider may also have updated help files and other 
help utilities about which a user would have no way of 

30 knowing. 

The present invention overcomes many of the problems 
associated with obtaining computer software. A user with a 
user computer is allowed to access (e.g. with a modem, an 
Internet connection, etc.) an update service, a network 

35 service, etc. (e.g. the Internet) at a remote location on which 
is stored a variety of computer software. When a user 
accesses the remote update service or network service, an 
update service computer conducts an automatic inventory of 
the computer software on the user computer. The data 

40 collected from the inventory of the user computer software 
is then used to make comparisons to database entries from 
a database on the update service computer. The database 
entries contain information about computer software avail- 
able on the update service computer. The comparison is 

45 conducted to identify software available from the remote 
update service that might be appropriate for installation on 
the user computer (i.e. new computer software, new versions 
of existing computer software, patches or fixes for existing 
computer software, new help files, etc.). After the compari- 

50 son is completed, the update service computer makes the 
computer software stored at the remote update service 
computer available to the user. 

In one aspect of the invention, available computer soft- 
ware can be downloaded from the remote update service 

55 computer and installed immediately on the user computer. 
Another aspect of the invention allows the update service 
computer to contact the user computer at a later, more 
convenient time, reestablish two-way communications, then 
download and install available computer software on the 

60 user computer. If a delayed download is requested, the user 
will provide access information (e.g. phone number, net- 
work address, a file of commands to execute to logon the 
user computer, etc.) to the update service computer which 
allows the remote update service computer to re-connect to 

65 the user computer. The transfer may use an encryption 
scheme to permit safe transfer of the software to the user 
computer. 
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In yet another aspect of the invention, the system will FIG. 5 is a flow chart illustrating an illustrative sequence 

allow a user to purchase the available computer software which is followed when the update service re-connects to a 

electronically. The user, for example, provides credit card user computer. 

information debit ^card information, an account number to FIG. 6 is a block diagram illustrating the present invention 

bil etc. to the ^update service computer. Secure transaction 5 on a computer network, 

technology and/or digital signatures are used to safeguard a 

the payment information. After verifying the payment FIG. 7 is a flow diagram illustrating a method of obtaining 

information, the update service computer permits transfer of software over a computer network for the present invention, 

the computer software. FIG. 8 is a block diagram illustrating an executable file 

The electronic updates have several advantages. A user is 3Q format, 
automatically provided with information about the available 

versions of computer software as result of the inventory DETAILED DESCRIPTION OF AN 

conducted by the update center computer. If the version of ILLUSTRATED EMBODIMENT 

the computer software on the user computer has defects that n ^ ■ . cir . 1 . c 

, Y , , , Referring to FIG. 1, an operating environment for the 

are known and have been corrected, the user is alerted to this 1C ° , . r t . J o °. . ... 

* > * . & * < . r 4 . 15 illustrated embodiment ot the present invention is a cont- 
ract and is offered an up-to-date version of the computer * ™ *u * i*» ^ * • * 1 

c . rp. « i i * j * i l -1 u-i * c P uter system 10 with a computer 12 that comprises at least 

software. The user is also alerted to the availability of new r u a ~ ~- •« / PDiri + A ■ 

. , - . J one high speed processing umt (CPU) 14, in conjunction 

computer software or enhanced versions of «nstmg com- ^ , m stem u an . u , ^ w and a J n 

puter software, and can purchase them electronically. Id devic6 2Q ^ 6 , 6ments ar£ interconnected b a £ us 

either case, the most up-to-date versions of computer soft- .„ , .. .,, ' 

•i ui t j i j- . 20 structure 22. 

ware are available for downloading to users. 1/m „„. 

The available versions of the computer software can also ™ 6 C ™ 14 18 of fanul , lar deM » 1 a °? inckdes P 

be automatically installed on the user computer. Since it is ™ ^ U computations, a collection of 

no longer necessary for the user to install the computer re f ters 26 , for ! e ? B porary stora 8 e of dala and "fx*"** 

software, the incidence of user related installation problems „ a ° d a oon,r ° 1 ™ l 2 * ««trolhng operation of the system 

is greatly reduced. It is also not necessary for the user to l, 0 " of . a Va " 6t y of P^f 5 ,™ S . ? g i^o r'?? 

obtain or save any storage media since the computer soft- °^ ,al foment, Sun, MIPS, IBM, Motorola, NEC, Intel, 

ware is downloaded directly to the user computer. If the ^f'^^T V" 1 To, ™ d ° f 

computer software installed on the user computer ever gets CP y "- Although shown with one CPU 14, computer 

cormpted, the user can call the update service (e.g.forsome 30 ****** 10 ma y Amatively include multiple processing 

limited number of iterations) and download a new (and 11111 ' 

up-to-date) copy of the computer software. Th e memory system 16 includes main memory 30 and 

In addition to providing benefits for the user, the present secondary storage 32. Illustrated main memory 30 is high 

invention provides benefits to the developers of the soft- s P eed random access memory (RAM) and read only 

ware. The developers of the computer software save support, 35 mem ^ (ROM). Mam memory 30 can include any addi- 

distribution, and advertising costs. A user who calls the Uonal or alternative hl S h sP eed memory device or memory 

update service or network service automaticaUy obtains circuitry. Secondary storage 32 takes the form of long term 

up-to-date versions of available computer software, and may stora S e » such 35 R0M > °P tlcal or magnetic disks, organic 

never encounter defects which would have been encountered memory or any other volatile or non-volatile mass storage 

using an earlier, defective version of the computer software. 40 s y stem ' 111050 skilled m the art ™ m recognize that memory 

As a result, a user will require less support from the 16 can comprise a variety and/or combination of alternative 

developers of the software, be more satisfied, and be more components. 

willing to purchase future versions of computer software. The input and output devices 18, 20 are also familiar. The 

Since the computer software is downloaded to the user mput device 18 can comprise a keyboard, mouse, pointing 

computer, the developers of the computer software may save 45 device, sound device (e.g. a microphone, etc.), or any other 

distribution costs as fewer versions of the computer software device providing input to the computer system 10. The 

have to be copied to storage media and distributed. In output device 20 can comprise a display, a printer, a sound 

addition, since the user is also alerted when new computer device (e.g. a speaker, etc.), or other device providing output 

software, and/or new versions of existing computer software to the computer system 10. The input/output devices 18, 20 

are available, the software developers may also save adver- 50 can also include network connections, modems, or other 

tising costs. devices used for communications with other computer sys- 

The foregoing and other features and advantages of the terns or devices, 

present invention will be more readily apparent from the As is familiar to those skilled in the art, the computer 

following detailed description, which proceeds with refer- system 10 further includes an operating system and at least 

ence to the accompanying drawings. 55 one application program. The operating system is a set of 

BRIEF DESCRIPTION OF THE DRAWINGS so ^ are J*** "f^ T" FT'' 

and the allocation of resources. The application program is 

FIG. 1 is a block diagram of a computer system used to a set of software that performs a task desired by the user, 

implement an illustrated embodiment of the present inven- making use of computer resources made available through 

k° n - 60 me operating system. Both are resident in the illustrated 

FIG. 2 is a block diagram illustrating the update service memory system 16. 

center and the remote user computers. r n accordance with the practices of persons skilled in the 

FIG. 3 is a block diagram illustrating the access processes art of computer programming, the present invention is 

on the user and update service computers. described below with reference to symbolic representations 

FIGS. 4A-4B are a flow chart illustrating an illustrative 65 of operations that are performed by computer system 10, 

sequence which is followed when a user calls the update unless indicated otherwise. Such operations are sometimes 

service. referred to as being computer-executed. It will be appreci- 
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ated that the operations which are symbolically represented (SUA) 48 that will communicate with a user update appli- 

include the manipulation by CPU 14 of electrical signals cation (UUA) 50 on the user computer when the update 

representing data bits and the maintenance of data bits at service is contacted by the a user with a user computer. The 

memory locations in memory system 16, as well as other user update application 50 is a computer software program 

processing of signals. The memory locations where data bits 5 that is capable of initiating, establishing and terminating 

are maintained are physical locations that have particular two-way communications with an update service application 

electrical, magnetic, optical, or organic properties corre- on the update service computer. The service update appli- 

sponding to the data bits. cation 48 is a computer software program which is also 

As is shown in FIG. 2, one illustrated embodiment of the capable of initiating, establishing and terminating two-way 

invention consists of one or more user computers 34 which 30 communications with a user update application on a user 

are connected over communications links 36 to an update computer. 

service center 38. The update service center consists of one To access the update service center 38, a user starts a user 

or more second remote computers) 40, one or more com- update application (UUA) 50 on the user computer 34 to 

munications links 36, and one or more databases 42. be g in the access process. The user update application 50 

The update service center 38 consists of one or more 15 trie f t0 establish a two " wa y ^communications link.36 with an 

computers 40 (e.g., the computer that was described in HG. update service computer 40 using a modem, a network 

1) which are capable of simultaneous access by a plurality («•* ^emet , etc However this access can also 

t * ir i i * c j * • . be completed by a vanety of other methods which provide 

of user computers. If a plurality of update service computers d ^ ^ ^ applicaticm 48 on 

are used, then he update service computers may be con- the user uter 34 tries tQ estab £ h a t ™ commu . 
nected by a local area network (LAN) 44 or any other similar 20 nications Unk 36 t0 the update service computer 40, the 
connection technology. However, it is also possible for an update ^ice computer starts a service update application 
update service center to have other configurations, one of ( S UA) 48. The service update application on the update 
which is shown in FIG. 6 and will be explained below. For service computer then tries to establish a two-way commu- 
example, an update service center could have a smaller nications link to the user update application on the user 
number of larger computers (i.e. a few mainframe, mini, etc. 2 5 computer. This is shown by the dashed lines 52 in FIG. 3. 
computers) with a number of internal programs or processes This communications link can be established with a network 
running on the larger computers capable of establishing protocol suite (e.g., TCP/IP) through sockets, or any other 
communications links to the user computers. The update two-way communications technique known in the art. 
service center may also be connected to a remote network After establishing a two-way communications link, the 
(e.g. the Internet shown in FIG. 6) or a remote site (e.g. a 30 service update application conducts an automatic inventory 
satellite) (which is not shown in FIG. 2). The remote (i.e., without input from the user) of the computer software 
network or remote site allows the update service center to on the user computer. The data collected during the inven- 
provide a wider variety of computer software than could be tory is sent from the user computer to the remote update 
stored at the update service center. One or more databases 42 service computer. The service update application on the 
connected to the update center computers) 40 are used to 35 update service computer compares the inventory data col- 
store database entries consisting of computer software avail- lected from the user computer to data stored in a database on 
able on the update service computers). The update service the update service computer. The database contains infor- 
computer(s) also contain a plurality of communications links mation on available computer software available from the 
36 such as telecommunications connections (e.g. modem update service. The update service computer then creates a 
connections, ISDN connections, ATM connections, frame 40 summary and sends the summary to the user computer. The 
relay connections, etc.), network connections (e.g. Internet, summary 54 is then presented to the user by the user 
etc.), satellite connections (e.g. Digital Satellite Services, computer. The summary contains information about com- 
etc), wireless connections, two-way paging connections, puter software available on the update service computer 
etc., to allow one or more user computers to simultaneously such as the availability of patches and fixes for existing 
connect to the update service computers). The connections 45 computer software, new versions of existing computer 
are managed by an update server 46. software, and brand new computer software, etc. In addition, 
After a user computer establishes two-way communica- tne availability of agent help files, wizards, inference 
tions with the update service computer, an inventory of engines, and other operating system components will be 
computer software on the user computer is completed with- listed in the summary. 

out interaction from the user, sent to the update service 50 The illustrated embodiment of the invention is imple- 
computer, and compared to database entries on the update mented in the Microsoft Windows 95 operating system by 
service computer. The database entries from the database the Microsoft Corporation of Redmond, Wash, using a 
connected to the update service computer contain informa- modem, or a Internet network connection, for access to the 
tion about computer software which is available to a user. update service computer. The invention can likewise be 
After the comparison, the user computer is sent back a 55 practiced with other operating systems and other access 
summary of available computer software which is displayed technologies that allow two-way data transfer, 
for the user. The summary contains information such as the As is shown in the flowchart in FIG. 4A, a user begins the 
availability of patches and fixes for existing computer access sequence 56 to an update service by launching a user 
software, new versions of existing computer software, and update application included in the Windows 95 operating 
brand new computer software, new help files, etc. The user 60 system. However, the user update application can also be 
is then able to make one or more choices from the summary any application that is capable of two-way communications, 
of available computer software, and have the computer and run under other operating systems. The user update 
software transferred from the update service computer to the application allows the user computer to establish a two-way 
user computer. The user may choose to update on the fly, or communications path for access to the update service corn- 
store update information for future update needs. 65 puter. 

As is shown in FIG. 3, running on the update service When the user update application starts 58, the user is 

computers) 40 is one or more service update applications shown optional help information which instructs the user on 
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how to establish a connection between the user computer computer software is marked as unknown by the update 

and the update service computer. The actual connection service computer. After the service update application com- 

conliguration is completed by allowing a user to choose the pletes the analysis of user computer software, a summary 

appropriate connection method 60. For example, the user report is sent back to the user computer from the update 

may choose to establish the connection with a modem. If a 5 service computer 76. 

modem is chosen, the phone number to dial, modem (e.g. r .,, . . , # . - . 

speed, line type, etc.) and communications parameters (e.g. ' n , the Crated system^ the user can choose from several 

parity, stop bits, etc.) are then configured. If the user choosls "P* c °^ ot f- °° e °P tKm ™l be 10 che * for 

to make a network connection (e.g. Internet, etc.) to access maintenance updates for all computer software installed on 

the update service, the network address of the update service ln ^ us " computer that is known by the update service. A 

and other network parameters are configured. A similar 10 se f nd °^ oa m *l be t0 cbeck onl y s P eclfic «"nputer 

sequence would be completed for other connection tech- software, or a specific group of computer software stored on 

nologies me user com P uter for maintenance updates. For example, if 

When' the user update application attempts to make the the USer ^ ted /° che <* anc ! 566 * ' here were ^ mainte - 

desired connection 62, the update service computer launches 15 ™** ^P^ates for a Particular word prang program 

, . . . t A A . r . 4 . 15 option two would be selected. A third option may be to check 

a service update application 64. A two-way communications r . . , * . ' 

*u cc ■ * <L • I. 1- whether there are any new or enhanced versions of computer 

path 66 is set up between the service update application on . . / tU A . A - * . 

f u » . . , * a i* a' software available from the update service. A fourth option 

the update service computer and the user update application . . , . . c y . c , c 

t , r S. . , . T may be to check only for new versions of specific computer 

on the user computer. The service update application on the Z • c ♦ a ■ . « ^ .u 

r , * «l ffi. » . software or groupings of computer software installed on the 

update service computer then requests that the user update on f f SL* 4 . < . , i 

t . 4U 7 j . . r 4 . 2U user computer. A firth option may be to check the update 

application on the user computer conduct an automatic . v L c . c 4 . A ? 

■ 4 c ii 4 & • * 11 j it service computer for information on new computer software 

inventory of all computer software installed 68 on the user . , v , t . , ■ 

(i.e. brand new products, not new or enhanced versions of 

_. P , ' , t . . . , existing products). A sixth option may be to check only if 

In die illustrated system, this inventory is done automati- ^ afe ncw hel fil of Qther n6W rt data avaflabk 

cally(i.e., without input from the user), and is completed by 25 ^ M of tions not t0 be ^ inchlsi as 

assigning the inventory task to a Window s 95 operating Qther lions can be added to ide additional date 

system process thread on the user computer The operating servke Based on user j t the user date 

system thread completes the task in the "background while lication creates an om t rt 78 4B) based on 

me user is performing other activities in the "foreground ' , he Uon(s) chosen b the user and ^ ^ 

(e.g choosing options from the user update application) 30 ^^edby the service update appUcation. The service update 

Background and foreground processes refer to a number of application can also create the output report direct]y usi 

operation system processes and process threads which are ^inH choices with no input at all from a user, 

run for some specified time interval by the opera ting system. r „ t A . ^ , 

Threads are well known in the art and are used in other If the output report is not empty 80, a second optional 

operating systems such as Windows NT by Microsoft, and 35 ?P ort * created and displayed for the user providing a short 

OS/2 by IBM. However, other operating system techniques description that summaries the computer software available 

could also be used to accomplish the inventory on the user from the update service 82. This second optional report is 

computer used by the user to determine what computer software on the 

r» . '.u • ♦ a* - 11 ♦ a u ♦ 11 . user computer will be updated, if any. If the output report is 

During the mventory, data is collected about all computer * a. A v * 

C4 °- 4 „ , \l n ^ t. 4i_ empty, the computer software on the user computer is 

software installed on the user computer. Data such as the 40 ' , t , „ OA * u ^ iL 

.... j > ci • £i i. i j • current and up-to-date 84, so no further action by either the 

software title, date, version, file size, file checksum, direc- , . . r , ' . , / . , 

,4 4. 4 ' ii 4 j i f, update service computer or the user computer is required, 

tory location on the user computer, etc. are collected. After r v r n 

the inventory is complete, the user update application sends If the out P ut re P ort » not em P 1 ^ lhen ^ user » *&ed to 
70 the inventory data from the user computer to the service cnoose which available computer software shown in the 
update application on the update service computer. The 45 output report, if any, will be downloaded and instaUed on the 
service update application compares the user inventory data user computer 86. No software is downloaded without the 
from the user computer to database entries in the computer uscr ' s permission. If one or more computer software corn- 
software database to automatically analyze the computer ponents (i.e. pieces or parts of the available computer 
software stored on the user computer 72. The database software) are chosen by the user, the user update application 
connected to the update service computer has entries which 50 " instructed to make backup copies of all of the computer 
contain information about available computer software. The software components on the user computer that will be 
database entries also identify and describe, for example, affected, and create a log for the user documenting which 
components of the computer software, including new com- computer software will be replaced 88. The backup copies 
puter software, patches, fixes, oew help files, wizards, infer- and ^ lo 8 can be used by the user to restore the original 
ence engines, other operating system components, updates 55 version of the computer software components on the user 
as well as enhancements and new features of existing computer if a need arises to do so. 

computer software. The database entries describing new The user has the option of choosing none, one, or a 

computer software may also include entries describing brand number of computer software components to download and 

new computer software (i.e. computer software that is newly install. If the list of available computer software to be 

created, and not previously existing). 60 downloaded and installed is large, the user also has the 

Any computer software installed on the user computer option of delaying the update to a later time 90. If the user 

which is listed in the database on the update service com- chooses an immediate download, the user is asked if the 

puter (e.g. out-of-date and/or requires a maintenance update, service update center should also install the computer soft- 

etc.) is flagged as available 74. The user computer may also wa re chosen by the user 92 after downloading, 

contain computer software that is not known by the update 65 If immediate installation is chosen, the service update 

service. If the user computer contains computer software application on the update service computer downloads the 

which is unknown to the update service computer, this available software to the user computer and installs the 
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software in the proper place (e.g., in the proper directory or computer. Included with the downloaded computer software 
subdirectory) on the user computer 94. A log is also created is an installation application that will be used later by the 
that records what computer software was downloaded to the user to install the computer software. When the transfers are 
user computer. If immediate installation is not chosen by the complete, the update service computer terminates the con- 
user, the user can save any update information, and continue s nection to the user computer 108. An encryption scheme 
with other tasks before deciding when to download any may also be used to permit safe automated transfer of the 
software chosen by the user. software to the user computer. 

If the user chooses a delayed update, the user provides When the user is ready to install the computer software 
re-connect information 98 that allows the update service (e.g. the next morning if the computer software was trans- 
computer to re-connect to the user computer at a more 10 ferred and installed in the middle of the night), the user 
convenient time (e.g. midnight, etc.) and complete the simply launches the installation application supplied by 
downloading and installation at that time. update service computer. 

As part of the re-connect information, the user may create Leaving the user an installation application to execute is 

a logon script using an automated macro language to provide an added safety and security measure for both the user and 

the logon sequence to be used, and the directory to be used 15 the update service. The user computer is not updated unless 

to download the software chosen by the user. The logon the user personally starts the installation process. However, 

script and the time the user wishes to have the chosen the user can also choose to have the computer software 

software downloaded are then sent to the update service automatically installed by the update service when it 

computer, and stored in an update service computer data- re-connects to the user computer (but, user permission is 

base. At the appropriate time chosen by the user, the update 20 always obtained and recorded first). In this case, the instal- 

service will execute the logon script to re-connect to the user lation application is not downloaded to the user computer, 

computer, and download the chosen software in the proper However a log is created so a user can determine what 

directory. An encryption scheme may also be used to permit available computer software was downloaded and installed, 

safe transfer of the software to the user computer. As was described above, the third, fourth, and fifth 

The user also has the option of choosing a logon method options allow a user to check for new versions of existing 

different than the one they are currently connected to the computer software, or new computer software available 

update service center with. For example, if a user is con- from the update service. If a new version of existing 

nected to the update service center with a modem, the user computer software, or new computer software is available, 

may choose to have the chosen software downloaded at a 3Q the user is asked if they wish to purchase the computer 

later time using a network connection (e.g., Internet, etc.) software. If so, the appropriate fee is requested from the 

However, the user's computer must be capable of accepting user. The user can pay the fee electronically by transmitting 

software with a different connection method. credit card information, debit card information, billing 

To allow a re-connection using a modem, the user would account information, etc. to the update service computer 

enter the phone number of the phone line attached to the user 35 from the user computer. Digital signatures, secure transac- 

computer and send this information to the update service lion technology, or an encryption scheme may also be used 

computer. The user would leave the user computer and to collect payment information from the user. Once the fee 

modem on, and set the communications software in an information is collected by the update service computer and 

answer mode to answer any incoming calls. For a network is verified, the user can choose between immediate or 

re-connection, the user would provide the update service 40 delayed downloading of the new, or new version of the 

computer the user network address and set the network computer software following steps (88-98) (FIG. 4B) 

software in a host mode to process any network connection described above. 

attempts. Since new versions of computer software are typically 
The delayed downloading is illustrated in the flow chart in very large, the user will be informed that a delayed instal- 
FIG. 5. To complete the delayed downloading, the update 45 lation is probably most efficient for the user. If a delayed 
service computer launches a service update application that installation of a new product is chosen, the update service 
tries to re-connect 100 to the user computer. The update computer will then re-connect to the user computer at a later 
service application will use the information provided at an time and download the new version of the computer soft- 
earlier time by a user (e.g. modem logon information, ware as was shown in FIG. 5. In the illustrated embodiment, 
network logon information, a logon script, etc.). If the 50 the update service uses a digital satellite service link, or 
connection is successful, a service update application on the some other higher bandwidth connection to transfer the 
update service computer asks the user computer to launch a computer software to the user computer whenever possible, 
user update application to re-establish a two-way commu- If the user chooses not to pay for a new version of 
nications path 102. The re -connect to the user computer may computer software when the update service is called, addi- 
be completed using a different access method than was used 55 tional data from which the user can obtain more information 
during the original user computer-update service computer on the new computer software is displayed. For example, the 
connection. For example, the update service computer may information may contain a summary of the features of the 
request a digital satellite system re-connect to the user new computer software and the information may also con- 
computer instead of the update service computer. A different tain a list of retail outlets close to the user where the user 
access method is typically chosen to provide the most 60 mav then purchase a new version of computer software on 
efficient and greatest bandwidth data transfer between the storage media if desired. Some users may prefer to obtain 
update service computer and the user computer. the computer software on storage media and call the update 
After establishing a new two-way communications path, service to obtain up-to-date versions of the computer soft- 
the user update application creates a new directory 104 on ware. 

the user computer, where the computer software is trans- 65 In another embodiment of the present invention, software 

ferred and stored 106. A log is also created to document what updates are determined for network-related software for 

available computer software was transferred to the user computer networks like the Internet. The Internet is a 
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world-wide network of cooperating computer networks. 
Connected to the Internet are thousands of individual com- 
puters each with a variety of application programs. 

From a user's point of view, access to the Internet and its 
services typically are accomplished by invoking network s 
application programs (e.g., Internet browsers). The network 
application programs act as an interface between a user and 
the Internet. The application programs are typically "client" 
applications that accept commands from the user and obtain 
Internet information and services by sending requests to 10 
"server" applications on another computer at some other 
location on the Internet. 

There are many network browsers known in the art such 
as the Internet Explorer by Microsoft Corporation of 
Redmond, Wash., Netscape Navigator by Netscape Com- 15 
munications of Mountain View, Calif., and Mosaic by the 
National Center for Supercomputer Applications (NCSA) of 
Champaign-Urbana, 111. 

These network browsers send network requests via the 
File Transfer Protocol (FTP), Simple Mail Transfer Protocol 20 
(SMTP), Hyper Text Transfer Protocol (HTTP), Gopher, etc. 
which are used to exchange data with a computer network 
like the Internet. FTP is used to move files from one 
computer to another. FIT operates independendy of where 
the computers are located, how they are connected, or even 25 
whether they are using the same operating system. Provided 
both computers can "talk" FTP and have access to a mutu- 
ally common network, FTP can be used to transfer files. 

Gopher allows an application to browse Internet resources 3Q 
using menus. The Gopher menus allow browsing of Internet 
resources regardless of their type. A Gopher user need not 
specify formal Internet details (e.g., domain names, IP 
addresses, etc.) to find desired information. 

HTTP is a protocol used to access data on the World Wide 35 
Web. The World Wide Web is an information service on the 
Internet containing documents created in the Hyper Text 
Markup Language (HTML). HTML allows "links" to other 
documents, which may found on other Internet host com- 
puters. The HTML document links may use HTTP, FTP, 40 
Gopher, or other Internet application protocols, to retrieve 
the remote data pointed to by the link. 

As is shown in FIG. 6, which is an integrated illustration 
of alternative conventional ways in which a client computer 
may communicate with a network, a client networking 45 
application program (e.g., an network browser) 110 residing 
on a client computer 112 which is a stand alone computer or 
is a computer connected to a local area network (LAN) 114. 
Client networking application program 110 communicates 
with (e.g., makes a data request of) a server application 116 50 
on a remote server computer 118 connected to a remote 
computer network (e.g., the Internet) 120. The communica- 
tions can be a direct connection 122, or the communications 
124 can be achieved using a pair of modems 126 or some 
other telecommunications device (e.g., an ISDN device) (not 55 
shown in FIG. 6). Hereinafter the client networking appli- 
cation program 110 will be referred to as a "network 
browser". 

In the rapidly changing Internet environment, network 
browsers are continually enhanced to provide new and 60 
additional features. As a result, when a user contacts a 
network browser service (e.g., the Internet or a World Wide 
Web site operated by the network browser developer or a 
service provider operating on behalf of the developer), a 
user's network browser can be checked, and the user alerted 65 
to the availability of a new or enhanced version of the 
network browser. This invention is described with reference 
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to features and utilities included in the Windows 95 oper- 
ating system of Microsoft Corporation. It will be 
appreciated, however, that these features and the functions 
of the utilities could be performed by other operating 
systems or applications. 

In a preferred embodiment of the present invention, 
information about a network browser is stored at a client 
computer in an operating system registry. The operating 
system registry, as is known in the art, is a hierarchical 
database of keys and values that stores information describ- 
ing a computer system's hardware, user preferences, avail- 
able application programs, and other configuration data. A 
preferred embodiment of the present invention uses the 
Windows 95 operating system registry to store information 
about the available network browsers and other available 
software. However, other registering techniques and other 
operating systems can also be used. 

For example, the Windows 95 operating system registry 
may contain the following entry: 

SW/ 
MSIE 

TS=04/15/96 12:32:33 
VER=2.0 

where "/SW" is a software enlry in the registry, "MSIE" is 
the name of the network browser,(e.g., Microsoft Internet 
Explorer), "TS" is the time stamp signifying when this 
version of the network browser was installed on the client 
computer 112, (e.g., Apr. 15, 1996 at 12:32:33 pm) and 
"VER" is the VERsion of the network browser (e.g., 2.0). 
However, other operating system registry formats could also 
be used. 

When the user contacts a network service with a network 
browser, the server application 116 (with functionality simi- 
lar to the service update application 48 of FIG. 3) determines 
the type of network browser being used, and then reads the 
operating system registry on the client computer 112 to 
determine the installation date and version of the network 
browser being used as was described above and illustrated in 
FIGS. 4A-^B. 

If a new or enhanced version of the network browser is 
available, the user is asked whether he wishes to download 
it from the server computer 118 to the client computer 112. 
If the user answers in the affirmative, the new or enhanced 
version of the network browser is downloaded to the user 
client computer 112 by the remote server application 116 on 
the server computer 118 over the computer network 120. 
The same method is used for other network- related software 
and for other non-networking software as was discussed 
above. The user can also choose a delayed request as was 
described above. 

In addition, an HTML document requested by the user can 
contain an HTML reference to request a specific version of 
a network browser or some other application software. The 
HTML reference preferably appears as a conventional 
HTML reference or link that is included; for example, in a 
description of the specific version of the network browser. 
For example, a reference to a network browser in an HTML 
document may be: 

<FETCH TS="04/15/96" DESC«"Microsoft Internet 
Explorer Ver. 2.0" SRC="http://www.microsoft.com/ 
ie/MSIE20.exe"> 

where FETCH indicates an HTML software download 
command, 

TS-"04/15/96" is the Time Stamp for the requested 
software, DESC-" Microsoft Internet Explorer Ver. 2.0" is a 
text DESCription of the requested software, and SRC- 
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"http://www.microsoft.com/ie/MSIE20.exe" is the Internet 
(or intranet or other network) location of the requested 
software. This type of HTML reference can also be used to 
receive software viewers, or other software applications that 
are used within HTML documents. s 

In a preferred embodiment of the present invention, if the 
user desires to obtain a new or enhanced version of software 
(e.g., the network browser) or an HTML FETCH reference 
is made, the software is sent using a Secure Software 
Distribution (SSD) process. However, a non-secure software 10 
distribution process could also be used. The Secure Software 
Distribution process uses a collection of software applica- 
tions that enable a server application 116 to distribute 
software to users in a high-quality, reliable, and secure 
manner. 15 

Distributing software over public channels like the Inter- 
net (or public intranet channels) exposes the software to 
accidental or intentional corruption or attack (e.g., viruses, 
trojan horses, etc.). By using a SSD process, new versions of 
software (e.g., a new network browser requested by an 20 
HTML Fetch request) can be verified as being secure by the 
server application 116, sent across a public network channel 
(e.g., the Internet), and then verified again by the client 
application 110, A SSD process is available as an option 
from a network browser (e.g., the Microsoft Internet 25 
Explorer) and is described below in greater detail. 

In a preferred embodiment of the present invention, SSD 
is used to distribute a self-extracting archive of files to a 
client application 110. The self-extracting archive of files 
will contain a new or enhanced version of a network browser 30 
software received by an HTML FETCH command or other 
software request. When this archive is executed, it extracts 
all of the included files, and then executes one of those files 
(e.g., setup.exe) to complete the installation automatically 
(i.e. without further user input). The flowchart in FIG. 7 35 
shows a method 128 of creating a secure, self-extracting 
archive of files using an SSD process. 

When a user makes a request, either explicitly or by a 
HTML Fetch reference, for software (e.g., a new or 
enhanced version of a network browser or other software), 40 
the server application 116 on the server computer 118 
creates a file of directive commands 130. The file of direc- 
tive commands is typically stored in a Media Directive File 
(*.MDF) format. However, other file formats could also be 
used. The file of directive commands or directive file is used 45 
to create a Cabinet file and to designate an installation 
program to run to install the requested software. A cabinet 
file (*.CAB) is a grouping of files that are commonly 
conceptualized as being stored in an "electronic filing cabi- 
net." Cabinet files are known to those in the art. For 50 
example, to create the cabinet file, the directive file may 
contain the following directives: 

.Set Cabinet-on 

.Set Compression-on 

bin\msie20.exe 

bin\msie20.hlp 

bin\msie20.dll 

where the directive ".Set Cabinet=on" is used to indicate 60 
creation of a cabinet file, and the directive ".Set 
Compression=on" is used to indicate the files in the cabinet 
file are to be compressed. In a preferred embodiment of the 
present invention, the compression scheme used is a loseless 
data compression scheme called "LZ77," which is a variety 65 
of the lossless Lempel and Ziv compression scheme known 
in the art. However, other compression schemes can also be 
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used. Compressing files in the self-extracting archive makes 
the self-extracting archive smaller in size and thus, easier to 
transmit to a client application. 

As an example, the file "bin\MSlE20.exe" is an execut- 
able (*.EXE) version of the Microsoft Internet Explorer 
version 2.0 from the "bin\" directory, the file "MSIE20.hlp" 
is a help file for the Internet Explorer version 2.0, and the file 
"MSIE20.dH" is a Dynamic Link Library for the Internet 
Explorer version 2.0. Dynamic Link Library (DLL) files 
provide reentrant function libraries that applications link to 
and call as regular function calls. DLLs are known and 
understood by those skilled in the art. More or fewer 
directives files, and types of files, could also be used for the 
cabinet file. 

A set of directives in the directive file is also used to mark 
an installation program to install the software contained in 
the cabinet file. In a preferred embodiment of the present 
invention, the directive file may include a switch that can be 
set to run the installation program automatically (i.e., with- 
out further user input). For example, the following lines may 
be included in the directive file for an installation program: 

.Set Cabinet=off 

.Set Compress=off 

.Set InfAtt-off 

bin\setup.exe 

bin\setup.inf 

where the directive ".Set Cabinet«=off" is used leave the 
installation program outside a cabinet file, the directive ".Set 
Compression=off" is used to suppress compression of the 
installation program, and the directive ".Set InfAtt=off" sets 
the read file attributes for the installation program, (e.g., 
turns off read-only mode, etc.). In this example, the 
"bin\setup.exe" file is the chosen installation program, and 
the "bin^serup.inf" is an information file (*.INF) for the 
installation program. Both setup files are from the "\bin" 
directory. More or fewer directives and files could also be 
used for the installation program. In an alternative embodi- 
ment of the present invention, the installation program could 
also be compressed and placed in a cabinet file. 

Other directives (e.g., file directives) are also typically 
added to the directive file. For example, the following lines 
may be included in the directive file: 

Set CabinetNameTemplate=IE20.* 
Set DiskDirectoryTemplate«IE20* 

where the directive ".Set CabinetNameTemplate=IE20.*" 
sets the cabinet name template (e.g., IE20.exe, IE20.dll), and 
the directive ".Set DiskDirectoryTemplate=IE20*" sets the 
disk directory template (e.g., ME20). More or fewer direc- 
tives could also be included. An exemplary layout of a 
directive file is shown below. 

;Example cabinet file 
;file directives 

.Set CabinetNameTemplateoIE20.* 
.Set DiskDirectoryTemplate=IE20* 

installation program 
.Set Cabinet-ofI 
.Set Compress-off 
.Set InfAtt-off 
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bins\setup.exe 
bin\setup.inf 

;cabinet file 
.Set Cabinet=off 
.Set Compress=off 
.Set lnfAtt=off 
bin\setup.exe 

bin\setup.inf 
;*** <end> 

where the lines beginning with semi-colons represent 
comments in the directive file. File directives are typically 
placed at the top of the directive file, then the cabinet file 
information and related directives, and then the installation 
file information and related directives. However, other direc- 
tive file layouts could also be used. 

The cabinet file just described is created with a disk layout 
and compression application called Diamond by Microsoft. 
However, other tools could also be used to build the cabinet 
file. To create a cabinet file from the exemplary directive file 
shown above, the server application 116 issues the following 
command: 

diamond/fEle.ddf 
to build a cabinet file (*.CAB) from the directive file 132. 
Directive files used with the Diamond disk layout and 
compression tool are typically designated as Diamond Disk 
Format (*.DDF) files instead of Media Directive File 
(*.MDF) as was described earlier. DDF format is similar to 
MDF format, but differs by providing the ability to create 
self-extracting, executable, secure distribution files contain- 
ing software. However, other format designations could also 
be used. The Diamond Disk Compression and Layout appli- 
cation is summarized below. 

diamond/source_file [deslination_file][/RUNl/INF-YES|NO] 

Switches: 

/f source_file Is the name of the source directive 
file(e.g.,*.DDF) and may include a relative or abso- 
lute path specification. 

[/RUN] Is an optional switch to automatically run the 
installation program after extraction. 

[/INF»YES|NO] Is an optional switch to include an 
information file with the installation program and has 
the values of YES or NO. 
Parameters: 

[destination__file] Is an optional parameter to store a 
name in the cabinet file, if ".Set Cabinet=on," or the 
name of the destination file if ".Set Cabinet-off." 
After it is created, the cabinet file is combined with a 
self-extracting application program 134 called "WEX- 
TRACT.EXE" to create a self -extracting executable archive 
file (e.g., dist.exe). This combination is the self-extracting 
archive of software, and hereinafter will be referred to as a 
self-extracting executable distribution file. The combining 
of the cabinet file and WEXTRACT IProgram is performed 
by a Windows 95 utility application program called "COM- 
BINE.EXE." However, other self-extracting and combina- 
tion application programs could also be used. 

The COMBINE application program combines the cabi- 
net file with the WEXTRACT program to create a self- 
extracting, executable distribution file. The cabinet file is 
attached to the WEXTRACT program as a user defined 
resource called "CABINET." User defined resources are 
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known to those skilled in the art. The COMBINE application 
computes an installation table of how many disk clusters 
will be needed to extract and store the files included in the 
cabinet file for each cluster size that is designated by file 

5 directives in the *.DDF or *.MDF directive files. The 
installation table is placed in the executable distribution file 
(e.g., dist.exe) for use by the WEXTRACT program at 
extraction time. In addition, the server application may 
specify an additional amount of user space that is required 

10 during the installation process. The user space is specified by 
a user from the network browser when the desired software 
is selected. This user specified space is also stored in the 
installation table. The WEXTRACT program uses the infor- 
mation in the installation table to prevent extraction until 

15 enough free space is available on client computer 112 to 
complete the installation. If enough free space is not 
available, the user is asked to delete existing files to free up 
space before the installation takes place. 

COMBINE also allows other information such as graphi- 

20 cal images and text to be added to the self-extracting 
executable distribution file. This information is typically 
shown while the self-extractor is running and allows cus- 
tomization of the installation application. The information 
may include a summary of features in the application 

25 program included in the distribution file, customization 
options selectable by the user, and reminders regarding 
registration and other protection for the program. Customi- 
zation of the installation application increases visual appeal 
for the user. In addition, the cabinet file added to the 

30 self-extracting distribution file can be a cabinet file in a 
linked set of cabinet files. The WEXTRACT application will 
follow any cabinet links to subsequent cabinets. This allows 
distribution of large software packages in smaller pieces 
(e.g., by disk sizing) while still having a single executable 

35 distribution file that is relatively simple in format. The 
COMBINE application is summarized below. 

combine [/S extrasize] extractor cabinct_Jilc destination 

40 

Switches: 

[/S extrasize] Set the number of extra 32 k clusters that 
this application will need for installation. If no /S 
parameter is provided it will default to zero. This 
45 parameter can be retrieved later by (MSSFVerify( )) 

and passed to the self-extractor (e.g., WEXTRACT) 
to prevent it from running until enough disk space is 
available. 
Parameters: 

50 extractor The name of the extractor with which the 
cabinet file will be attached (e.g., WEXTRACT). 
cabinet__file The name of cabinet file to be made 

self-extracting (e.g., file.CAB). 
destination The name of the resulting self-extracting 
55 executable distribution file (e.g., dist.exe). 

The WEXTRACT program is preferably a Windows 95 
based application for extracting cabinet files. WEXTRACT 
will extract the cabinet file that is attached to the WEX- 
TRACT executable by the COMBINE application. 
60 However, other extraction programs could also be used. Any 
disk space information that was added to the installation 
table is included in the self-extracting executable distribu- 
tion file by the COMBINE program will be used to prevent 
the extraction and installation from running until the client 
65 computer 112 disk space needs are met. Any text descrip- 
tions or graphics images that were added to make the 
installation interface more user friendly and informative will 
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also be extracted by WEXTRACT. The WEXTRACT appli- Switches: 

cation is summarized below. [/F] An optional switch to replace the digital signature 

if the file is already signed with a digital signature. 

v m( cabinet_fi!e] Parameters: 

Parameters- 5 source The name of the file to be signed 

cabinet jfile An optional parameter for the cabinet file ^ °f°^ namC f ° r the 0Utp u Ul 

to extract. If no cabineUfile is specified, then the file ' the destination is not provided then the 

WEXTRACT application attempts to retrieve the signature will be added onto the source file, 

cabinet from itself as a user-defined resources called Returning to FIG. 7, the secure, self -extracting executable 

"CABINET', (see COMBINE above). 10 distribution file (e.g., file.SEC) is transmitted 146 from the 

After the cabinet file is combined with WEXTRACT, the server computer 118 over a computer network (e.g., the 
resulting self-extracting, executable distribution file (e.g., Internet) to the client computer 112 and passed to the 
dist.exe) is digitally signed with a digital signature to create network browser 110. However, as was described above, the 
a signed, self-extracting executable distribution file 136. The user can delav transmission of the requested software until 
executable distribution file with the digital signature is now 35 a later more convenient time (see FIG. 5). 
a SECure (*.SEC) executable distribution file. The digital Wh&n the network browser receives the secure, self- 
signature is preferably added with a Windows 95 utility extracting executable distribution file, the digital signature is 
application program called "SIGNMS.EXE". However, verified 148. The digital signature is verified with a digital 
other digital signature application programs can also be signature verification function called "MSSFVerify( )". The 
used. 20 MSSFVerify( ) function is stored in a Windows library 

The SIGNMS application appends a digital signature to called MSSFCHEKUB. 

the self-extracting executable distribution file (or a copy of A call to MSSFVerify( ) by the network browser 110 

the self-extracting executable distribution file if a destination decrypts with a public RSA decryption key, the encrypted 

argument is provided as will be explained below). Self- original SHA hash value received in the self-extracting 

extracting executable destination files that are copied and 25 distribution file. One or more public RSA decryption keys 

digitally signed have the original self-extracting executable are typically published by the software distributor The 

destination file name and a * .SEC sufBx. Once the * .SEC file private key is not published. The SHA hashing process is 

is verified against its digital signature, the self-extracting tnen used to compute a second SHA hash value. The second 

executable distribution file is renamed to its original name SHA hash value is compared with the original SHA value 

and the .SEC suffix is truncated. 30 sent in the digital signature. 

The digital signature is created with a Secure Hashing If & c second (i.e., computed) SHA hash value and the 
Algorithm (SHA) hash process. The SHA hash process original SHA hash value are identical 150, the self- 
returns a value that is encrypted using a private 1024-bit extracting executable distribution file is deemed secure and 
RSA encryption key. The SHA hash process is a one-way free from accidental or intentional corruption. The self- 
process (i.e., cannot be un-hashed) that is used to compute 35 extracting executable distribution file is then executed to 
a secure hash value for the self-extracting, executable dis- install the software requested by the user 152. If the second 
tribution file . SHA hashing and RSA private key encryption SHA hash value and the original hash value are not identical, 
are known in the art. ^ then ^ self-extracting executable distribution file is 

The RSA encryption is completed with a 1024-bit private deemed to have been corrupted or altered and insecure, and 

key known only to the software distributor. This helps 40 mus k rejected and deleted 152. 

reduce the risk of accidental or intentional corruption or Tri c MSSFVerify( ) function operates in two modes; a 

tampering since only the software distributor knows the normal mode and verify only mode. The normal mode 

value for the private key used. The distributed software is removes the digital signature, verifies it, and renames the 

decrypted using a published public RSA decryption key. self-extracting executable distribution file if the file was 

As is shown in FIG. 8, the digital signature 138 is added 45 signed by SIGNMS using the destination file argument. The 

to the bottom of the self-extracting executable distribution verify only mode verifies the digital signature without 

file 140 after the last data block 142 of the executable removing the digital signature or renaming the file. If the file 

(*.EXE) information (i.e., the extractor program and the wa s signed in-situ, then both modes are the same. The 

cabinet file). Since most executable (*.EXE) files have a MSSFVerify( ) function is summarized below, 

header 144 that indicates the number of data blocks of 50 

executable information, adding the digital signature 138 MSSFVcrify(PMSSFVY* P m SS e); 

after the last data block of executable information 142 

prevents complaints or problems with most existing tools rarameters: 

(e.g., VIRUS checkers) and operating systems which pro- *pmssf A pointer to a MSSFVY data structure contain- 

cess executable information. ~ 55 in S thc namc of the file t0 bc checked, a buffer for the 

SIGNMS will also detect a file that is already signed and resulting file name, flags, error codes, and a function 

prevent the user from adding a second digital signature. An to be called at nervals for status updates and to 

«/F" switch overrides this detection and will allow SIGNMS P r0Vlde the ablhtv t0 cancel the °P eraUon - 

to replace the digital signature with a new signature if the file Return Value: 

is already signed. Replacing a signature is useful if the 60 Returns zero on success. On failure, it returns a non- 
private encryption key becomes compromised at some time, zero value indicating the reason for the failure, 
and there is a need to introduce a new private key to re-sign If tne digital signature is verified as correct, the extractor 
all files previously signed. The SIGNMS application is in the self-extracting executable distribution file (e.g., 
summarized below. WEXTRACT) extracts and decompresses (if compression 

65 was used) all the files in the cabinet file, and automatically 

signms [/F] source [destination] starts the installation program (if any) that was specified 

(e.g., setup.exe/RUN) when the cabinet file was created. 
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Alternatively, the user can also be prompted by the network 
browser to start the installation program, or start the instal- 
lation program manually at a later time. 

The installation program installs the software in the 
appropriate directories on the client computer. In addition, 5 
the installation program is typically configured to clean-up, 
update, or delete any unnecessary or out-of-date files after 
installation. 

Software sent from a server application on a server 
computer or from an update service in a secure, self- 3Q 
extracting, executable distribution file gives the user confi- 
dence that the requested software will not damage or cause 
problems on the user's computer. Thus, the user is more 
likely to accept electronic copies of new or enhanced 
versions of computer software. The software distributor, by 
signing the software with a digital signature encrypted with 15 
a private RSA encryption key, also has a high degree of 
confidence that any software sent over a public computer 
network (Internet or intranet) will arrive without being 
accidentally or intentionally corrupted. 

With automatic downloading and installation of computer 20 
software from the update or network service provider 
service, the user is relieved from the burden of obtaining 
computer software (e.g., on storage media, by downloading 
from a bulletin board or on-line service, etc.), and installing 
the computer software on the user or client network com- 2 s 
puter. Once a user purchases computer software, periodic 
accessing of the update service or a network service provider 
will keep the user current and up-to-date. 

It should be understood that the programs, processes, or 
methods described herein are not related or limited to any 
particular type of computer apparatus, unless indicated oth- 
erwise. Various types of general purpose or specialized 
computer apparatus may be used with or perform operations 
in accordance with the teachings described herein. 

In view of the wide variety of embodiments to which the 35 
principles of this invention can be applied, it should be 
understood that the illustrated embodiments are exemplary 
only, and should not be taken as limiting the scope of our 
invention. Rather, we claim as our invention all such 
embodiments as come within the scope and spirit of the 
following claims and equivalents thereto. 

We claim: 

1. In a local computer with a network browser in com- 
munication with a remote server computer over a computer 
network, a method of installing software on the local 
computer, the method comprising: 

during browsing of a hypertext document with the net- 
work browser, encountering with the network browser 
at the local computer a hypertext tag indicative of a 
software program resident on the server computer to be 5Q 
automatically installed at the local computer, wherein 
the hypertext tag resides in the hypertext document; 

responsive to encountering the hypertext tag in the hyper- 
text document, automatically downloading from the 
server computer an executable file for installing the 55 
software program; and 

executing the executable file at the client computer to 
install the software program at the client computer. 

2. A computer readable medium having computer- 
executable instructions for performing the steps of the 60 
method in claim 1. 

3. The method of claim 1 further comprising: 
sending a file request from the local computer to the 

server computer upon encountering the tag; and 
generating at the server computer the executable file in 65 
response to the file request, wherein the executing step 
comprises: 
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executing at the client computer the executable file to 
extract an installation utility and a grouping of 
software from the executable file; and 

automatically executing the installation utility at the 
local computer to install the grouping of software at 
the local computer. 

4. The method of claim 1 wherein the executable file has 
a digital signature and wherein the method further com- 
prises: 

verifying the digital signature before the executing step to 
determine if the digital signature is proper; and 

inhibiting the executing step if the verifying step indicates 
the digital signature is improper. 

5. In a local computer system with an operating system, 
a network browser for browsing hypertext pages available 
from remote computer systems connected to the local com- 
puter over a network, the network browser operable for 
acquiring an executable file comprising a software upgrade 
from a server computer, the browser comprising: 

a facility for identifying a tag indicative of a software 
upgrade when encountered in one of the hypertext 
pages, the tag indicative of the executable file's loca- 
tion; 

a facility for downloading the executable file from the 
server computer automatically upon encountering the 
tag; 

a facility for automatically submitting the executable file 
to the operating system for execution to install the 
software upgrade at the local computer after it is 
downloaded by the downloading facility. 

6. The network browser of claim 5 wherein the tag 
comprises a description of the software upgrade and a time 
stamp indicating a date of the software upgrade. 

7. A computer-readable medium having stored thereon a 
hypertext page with a tag data structure for identifying to a 
browsing client computer a software upgrade to be installed 
at the client computer automatically upon browsing the 
page, the data structure comprising: 

a tag name instructive to automatically install the software 
upgrade; and 

a link to a server computer on which a downloadable file 
comprising the software upgrade is stored. 

8. The computer-readable medium of claim 7 wherein the 
data structure further comprises: 

a field indicative of a time stamp associated with the 

software upgrade; and 
a field describing the upgrade. 

9. The computer-readable medium of claim 7 wherein the 
tag data structure is in HTML, format to trigger automatic 
downloading and installation of the software from the server 
when the tag data structure is encountered by an HTML 
browser recognizing the tag name. 

10. The computer-readable medium of claim 9 wherein 
the software upgrade is a viewer for use with the HTML 
browser. 

11. In a local computer system having a network browsing 
system, a method of delivering a remotely-located piece of 
software to the local computer, the method comprising: 

downloading a document; 

encountering in the document a tag identifying a location 
of the remotely-located piece of software; and 

responsive to said encountering, downloading to the local 
computer system the piece of software from the loca- 
tion identified by the tag. 

12. A computer-readable medium having computer- 
executable instructions for performing the actions of the 
method in claim 11. 
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13. The method of claim 11 wherein the piece of software 
is embedded in a file comprising an installation utility for 
installing the piece of software and an extractor positioned 
in the file to be executed upon execution of the file, wherein 
the extractor extracts the piece of software and the instal- 
lation utility from the file when executed, the file further 
comprising a section of executable code for automatically 
invoking the installation utility after the extractor extracts 
the piece of software and the installation utility from the file, 
the method further comprising: 

executing the file to execute the extractor to extract the 
piece of software and the installation utility from the 
file and automatically invoke the installation utility to 
install the extracted piece of software. 

14. In a local computer system having a network browsing * 5 
system comprising a set of installed software, a method of 
updating the network browsing system with the network 
browsing system, the method comprising: 

downloading a document to the local computer system; 

with the network browsing system, encountering in the 
document a tag identifying a location of a file com- 
prising a remotely-located piece of software, wherein 
the remotely-located piece of software updates the set 
of installed software to update the network browsing 
system; and 

responsive to said encountering, downloading the file 
from the location identified by the tag to the local 
computer system to install the piece of software iden- 
tified by the tag on the local computer system to update 30 
the network browsing system. 

15. A computer-readable medium having computer- 
executable instructions for performing the actions of the 
method in claim 14. 

16. The method of claim 14 wherein the document is 
downloaded by the network browsing system. 

17. The method of claim 14 wherein 
the location is specified in the tag as a conventional 

hypertext markup language uniform resource locator; 
and 

said downloading retrieves the file via the hypertext 
markup language uniform resource locator. 
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18. The method of claim 14 wherein the tag further 
identifies a title associated with the remotely-located piece 
of software. 

19. The method of claim 14 wherein the piece of software 
is a viewer for the network browsing system. 

20. The method of claim 14 wherein the piece of software 
is embedded in a file comprising an installation utility for 
installing the piece of software and an extractor positioned 
in the file to be executed upon execution of the file, wherein 
the extractor extracts the piece of software and the instal- 
lation utility from the file when executed, the file further 
comprising a section of executable code for automatically 
invoking the installation utility after the extractor extracts 
the piece of software and the installation utility from the file, 
the method further comprising: 

executing the file to execute the extractor to extract the 
piece of software and the installation utility from the 
file and automatically invoke the installation utility to 
install the extracted piece of software. 

21. In a local computer, a self -updating network browser 
system comprising: 

document downloading means for downloading and ren- 
dering remotely-located documents; 

tag detection means for detecting in the documents a tag 
specifying a location of a remotely-located software 
program upgrading the browser system; and 

software program downloading means to download the 
remotely -located software program upgrading the 
browser system from the location specified to the local 
computer. 

22. The self -updating network browser system of claim 21 
wherein the software program is a viewer for rendering 
elements embedded within the remotely-located documents. 

23. The self -updating network browser system of claim 21 
further comprising: 

a program launcher for executing the software program 
downloaded to the local computer to install an upgrade 
to the network browser system. 
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Line 35, "e.g." should read e.g. --. 
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